When multiple ingress gateways serve the same domain, they typically need identical routing rules. Duplicating a Gateway resource for each ingress gateway increases configuration overhead and creates drift risk. Instead, bind a single Gateway to all target ingress gateways through a shared label selector. This keeps routing rules consistent and reduces the number of resources to maintain.
How it works
A Gateway resource uses the spec.selector field to match ingress gateway pods by their labels. Any pod whose labels match the selector receives the Gateway configuration. To share one Gateway across multiple ingress gateways:
Add the same custom label (for example,
key1: value1) to each ingress gateway through thepodLabelsfield.Set the Gateway resource's
spec.selectorto match that label.
All ingress gateways with the matching label then share the same Gateway configuration automatically.
Example scenario: Two DNS A records for xxx.xxx.cn point to two Classic Load Balancer (CLB) instances. Each CLB routes traffic to a different ingress gateway in the same Alibaba Cloud Service Mesh (ASM) instance. Both ingress gateways need the same listener and routing rules, so they share a single Gateway resource.
For field definitions, see CRD fields for an ASM gateway and Gateway.
Prerequisites
Before you begin, make sure you have:
An ASM instance of v1.13.4.46 or later. See Create an ASM instance
A cluster added to the ASM instance. See Add a cluster to an ASM instance
At least two ingress gateways deployed. See Create an ingress gateway
An application deployed in the ASM instance. See Deploy an application in an ASM instance
Add a shared label to ingress gateways
Add the same label to each ingress gateway so that a single Gateway resource can select them all.
Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the target ASM instance. In the left-side navigation pane, choose ASM Gateways > Ingress Gateway.
On the Ingress Gateway page, find the first ingress gateway and click YAML.
In the Edit dialog box, add a
podLabelsfield underspec, then click OK.... spec: podLabels: key1: value1 # Custom label for Gateway selector matching ...Repeat Steps 3--4 for each additional ingress gateway that needs to share the same Gateway.
Use the same label key-value pair across all ingress gateways that should share the Gateway.
Configure the Gateway selector
After all target ingress gateways share the same label, configure the Gateway resource to select them.
On the details page of the ASM instance, choose ASM Gateways > Gateway in the left-side navigation pane.
On the Gateway page, find the target Istio gateway and click YAML in the Actions column.
In the Edit dialog box, set
spec.selectorto match the label you added to the ingress gateways, then click OK. The Gateway now applies to every ingress gateway pod labeledkey1: value1.apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: name: bookinfo-gateway namespace: default spec: selector: key1: value1 # Matches the podLabels on your ingress gateways servers: - hosts: - '*' port: name: http number: 80 protocol: HTTP
Route traffic with a VirtualService
A Gateway only configures the proxy to listen on specified ports. To route traffic to backend services, create a VirtualService that references the Gateway:
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo-vs
namespace: default
spec:
hosts:
- '*'
gateways:
- bookinfo-gateway # References the Gateway defined above
http:
- match:
- uri:
exact: /productpage
route:
- destination:
host: productpage # Target Kubernetes Service
port:
number: 9080For VirtualService field definitions, see VirtualService. To create a VirtualService in the ASM console, see Manage virtual services.
When multiple teams share a Gateway, you can split routing rules across separate VirtualService resources. Istio merges VirtualService resources that are bound to the same Gateway. Make sure each VirtualService defines unique route matches to avoid conflicts.